METHOD FOR EXPRESSING, STORING AND EDITING NETWORK SECURITY POLICY

摘要

PURPOSE: A method for expressing, storing and editing a network security policy is provided to reduce development cost and time for policy-based network security management system, and to allow a designer to directly design an operation structure of a network security policy management tool, database schema and a structure of an object. CONSTITUTION: SecurityRule is a class for a rule object(200) including attributes of a rule itself. OnePacketCondition is a class for a condition object(310) indicating a condition for analyzing one packet. ConditionListType is an attribute indicating a combination method of each item for analyzing OnePacketCondition. VariableValueComparisonCondition is a class for condition objects(310a,310b) indicating a condition for comparing a field of a packet header with a value. Operator is an attribute indicating an operator to be used for checking. PayloadMatchingCondition is a class for a condition object(310c) for checking which content is included in a payload of a packet. PayloadVariable is a class for a variable object(310j) indicating a payload. AggregatedAlertAction is a class for an operation object(410a) indicating an alarming a rule applied situation. AggregatedAlertAction has an attribute of AlertDescription indicating descriptions for the rule applied situation. MessageStoreAction is a class indicating an operation object(410b) storing an alarm message. MessageShowAction is a class indicating an operation object(410c) outputting the alarm message.